Administrative Domain - Explore the Science & Experts | ideXlab

Scan Science and Technology

Contact Leading Edge Experts & Companies

Administrative Domain

The Experts below are selected from a list of 4704 Experts worldwide ranked by ideXlab platform

Vinod Ganapathy – 1st expert on this subject based on the ideXlab platform

  • ICISS – Reflections on the Self-service Cloud Computing Project
    Information Systems Security, 2015
    Co-Authors: Vinod Ganapathy

    Abstract:

    Modern cloud computing infrastructures use virtual machine monitors VMMs that often include a large and complex Administrative Domain with privileges to inspect client VM state. Attacks against or misuse of the Administrative Domain can compromise client security and privacy. Moreover, these VMMs provide clients inflexible control over their own VMs, as a result of which clients have to rely on the cloud provider to deploy useful services, such as VM introspection-based security tools.

    This paper discusses the self-service cloud computing SSC project that addresses these two shortcomings. SSC splits Administrative privileges between a system-wide Domain and per-client Administrative Domains. Each client can manage and perform privileged system tasks on its own VMs, thereby providing flexibility. The system-wide Administrative Domain cannot inspect the code, data or computation of client VMs, thereby ensuring security and privacy. SSC also allows providers and clients to establish mutually trusted services that can check regulatory compliance while respecting client privacy. We have used a prototype implementation of SSC atop the Xen hypervisor to build user Domains to perform privileged tasks such as memory introspection, storage intrusion detection, and anomaly detection.

  • ACM Conference on Computer and Communications Security – Self-service cloud computing
    Proceedings of the 2012 ACM conference on Computer and communications security – CCS '12, 2012
    Co-Authors: Shakeel Butt, H. Andrés Lagar-cavilla, Abhinav Srivastava, Vinod Ganapathy

    Abstract:

    Modern cloud computing infrastructures use virtual machine monitors (VMMs) that often include a large and complex Administrative Domain with privileges to inspect client VM state. Attacks against or misuse of the Administrative Domain can compromise client security and privacy. Moreover, these VMMs provide clients inflexible control over their own VMs, as a result of which clients have to rely on the cloud provider to deploy useful services, such as VM introspection-based security tools. We introduce a new self-service cloud (SSC) computing model that addresses these two shortcomings. SSC splits Administrative privileges between a system-wide Domain and per-client Administrative Domains. Each client can manage and perform privileged system tasks on its own VMs, thereby providing flexibility. The system-wide Administrative Domain cannot inspect the code, data or computation of client VMs, thereby ensuring security and privacy. SSC also allows providers and clients to establish mutually trusted services that can check regulatory compliance while respecting client privacy. We have implemented SSC by modifying the Xen hypervisor. We demonstrate its utility by building user Domains to perform privileged tasks such as memory introspection, storage intrusion detection, and anomaly detection.

  • Self-service cloud computing
    Proceedings of the 2012 ACM conference on Computer and communications security – CCS '12, 2012
    Co-Authors: Sajid Butt, Shakeel Butt, H. Andrés Lagar-cavilla, Abhinav Srivastava, Vinod Ganapathy

    Abstract:

    Modern cloud computing infrastructures use virtual machine monitors (VMMs) that often include a large and complex Administrative Domain with privileges to inspect client VM state. Attacks against or misuse of the Administrative Domain can compromise client security and privacy. Moreover, these VMMs provide clients inflexible control over their own VMs, as a result of which clients have to rely on the cloud provider to deploy useful services, such as VM introspection-based security tools. We introduce a new self-service cloud (SSC) computing model that addresses these two shortcomings. SSC splits Administrative privileges between a system-wide Domain and per-client Administrative Domains. Each client can manage and perform privileged system tasks on its own VMs, thereby providing flexibility. The system-wide Administrative Domain cannot inspect the code, data or computation of client VMs, thereby ensuring security and privacy. SSC also allows providers and clients to establish mutually trusted services that can check regulatory compliance while respecting client privacy. We have implemented SSC by modifying the Xen hypervisor. We demonstrate its utility by building user Domains to perform privileged tasks such as memory introspection, storage intrusion detection, and anomaly detection.

Kim-kwang Raymond Choo – 2nd expert on this subject based on the ideXlab platform

  • Enhanced Network Support for Federated Cloud Infrastructures
    IEEE Cloud Computing, 2016
    Co-Authors: Aniello Castiglione, Francesco Palmieri, Kim-kwang Raymond Choo

    Abstract:

    This article addresses the need for a new dedicated bandwidth paradigm that allows flexible orchestration of resources from different sites (for example, a manufacturing organization and its upstream and downstream vendors) joining a cloud without belonging to the same Administrative Domain (that is, it supports cross-Domain operations and advanced network support). The main design goal is to turn the network communication capabilities into virtualized resources that can be scheduled in conjunction with more traditional cloud resources and managed by a specific software layer within the federated (manufacturing) cloud system services to implement a service plane for use by cloud applications and resource-management services.

Spyros Denazis – 3rd expert on this subject based on the ideXlab platform

  • technical infrastructure for a pan european federation of testbeds
    Testbeds and Research Infrastructures for the DEvelopment of NeTworks and COMmunities, 2009
    Co-Authors: Sebastian Wahle, Thomas Magedanz, Anastasius Gavras, Halid Hrasnica, Spyros Denazis

    Abstract:

    The Pan-European laboratory – Panlab – is based on federation of distributed testbeds that are interconnected, providing access to required platforms, networks and services for broad interoperability testing and enabling the trial and evaluation of service concepts, technologies, system solutions and business models. In this context a testbed federation is the interconnection of two or more independent testbeds for the temporary creation of a richer environment for testing and experimentation, and for the increased multilateral benefit of the users of the individual independent testbeds. The technical infrastructure that supports the federation is based on a web service through which available testing resources can be queried and requested. The available resources are stored in a repository, and a processing engine is able to identify, locate and provision the requested testing infrastructure, based on the testing users’ requirements. The concept is implemented using a gateway approach at the border of each federated testbed. Each testbed is an independent Administrative Domain and implements a reference point specification in its gateway.

  • TRIDENTCOM – Technical infrastructure for a Pan-European federation of testbeds
    2009 5th International Conference on Testbeds and Research Infrastructures for the Development of Networks & Communities and Workshops, 2009
    Co-Authors: Sebastian Wahle, Thomas Magedanz, Anastasius Gavras, Halid Hrasnica, Spyros Denazis

    Abstract:

    The Pan-European laboratory – Panlab – is based on federation of distributed testbeds that are interconnected, providing access to required platforms, networks and services for broad interoperability testing and enabling the trial and evaluation of service concepts, technologies, system solutions and business models. In this context a testbed federation is the interconnection of two or more independent testbeds for the temporary creation of a richer environment for testing and experimentation, and for the increased multilateral benefit of the users of the individual independent testbeds. The technical infrastructure that supports the federation is based on a web service through which available testing resources can be queried and requested. The available resources are stored in a repository, and a processing engine is able to identify, locate and provision the requested testing infrastructure, based on the testing users’ requirements. The concept is implemented using a gateway approach at the border of each federated testbed. Each testbed is an independent Administrative Domain and implements a reference point specification in its gateway.